At least one of data, an indication of the data, and metadata associated with the data is received at a first computing system, wherein the data is to be categorized. It is determined that at least part of the data is not to be categorized by the first computing system. In response to a determination that at least part of the data is not to be categorized by the first computing system, it is determined that a second computing system is indicated for categorization of the data and at least one of the data, an indication of the data, and the metadata associated with the data is transmitted from the first computing system to the second computing system.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A system for categorizing data to perform access control, the system comprising: a first computing system configured to, receive first data, the first data comprising at least one of a portion of data to be categorized and metadata associated with the data to be categorized; determine that the first data belongs to a first category; in response to determination that the first data belongs to a first category, apply a first access control policy to actions on the data to be categorized; determine that additional categorization of the data to be categorized is needed for one or more actions on the data to be categorized, wherein said making a determination that additional categorization of the data to be categorized is needed for the one or more actions comprises the first computing system being configured to at least one of, determine that additional categorization of the data by the first computing system would take a length of time greater than a first threshold; determine that additional categorization of the data by the first computing system would use resources of the first computing system greater than a second threshold; and determine that the data is associated with a data type; and in response to a determination that additional categorization of the data to be categorized is needed for the one or more actions, issue a request for the second computing system to categorize second data, the second data comprising at least one of a portion of the data to be categorized and metadata associated with the data to be categorized; a second computing system coupled through a network with the first computing system, the second computing system configured to, receive at least one of the second data and an indication of the second data; determine that the second data belongs to a second category; in response to a determination that the second data belongs to a second category, apply a second access control policy to at least one action of the one or more actions.
2. The system according to claim 1 , wherein the first computing system includes a first categorization engine configured to categorize the first data according to a first categorization policy, and the second computing system includes a second categorization engine configured to categorize the second data according to a second categorization policy.
3. The system according to claim 1 , wherein the first computing system comprises a client computing system configured to receive a selection of an action to be performed regarding the data to be categorized, and the second computing system comprises at least one of an intermediate server and an enterprise server computing system.
4. The system according to claim 1 , wherein the first computing system is further configured to permit execution of at least one action of the one or more actions prior to applying the second access control set to the action of the one or more actions.
5. A method comprising: receiving, at a first computing system, at least one of data, an indication of the data, and metadata associated with the data, wherein the data is to be categorized; determining a first category for a first part of the data based, at least in part, on at least one of the data, the indication of the data, and the metadata associated with the data; applying a first access control policy to at least one of the first part of the data, a file associated with the first part of the data, and an operation associated with the first part of the data, wherein the first access control policy is associated with the first category; determining that a second part of the data is not to be categorized by the first computing system, wherein said determining that the second part of the data is not to be categorized by the first computing system comprises at least one of, determining that categorization of the second part of the data by the first computing system would take a length of time greater than a first threshold; determining that categorization of the second part of the data by the first computing system would use resources of the first computing system greater than a second threshold; and determining that the second part of the data is associated with a data type; in response to said determining that the second part of the data is not to be categorized by the first computing system, determining that a second computing system is indicated for categorization of the second part of the data; and transmitting, from the first computing system, at least one of the second part of the data, an indication of the second part of the data, and metadata associated with the second part of the data to the second computing system; receiving, from the second computing system, an indication of one of a second category or a second access control policy, wherein the second access control policy is associated with the second category; applying the second access control policy to at least one of the second part of the data, a file associated with the second part of the data, and an operation associated with the second part of the data.
6. The method of claim 5 , wherein the data type is one of text data, image data, audio data, and video data.
7. The method of claim 5 further comprising: determining the first access control policy based, at least in part, on the first category.
8. The method of claim 5 further comprising: in response to receiving, from the second computing system, the indication of the second category, determining the second access control policy based, at least in part, on the second category.
9. The method of claim 5 , wherein the second part of the data is embedded in the first part of the data.
10. The method of claim 5 , wherein the first computing system is a mobile device and the second computing system is a server.
11. A computer program product for categorizing data to perform access control, the computer program product comprising: a non-transitory computer readable storage medium having computer usable program code embodied therewith, the computer usable program code comprising a computer usable program code configured to, detect at least one of data, an indication of the data, and metadata associated with the data, wherein the data is to be categorized; determine a first category for a first part of the data based, at least in part, on at least one of the data, the indication of the data, and the metadata associated with the data; apply a first access control policy to at least one of the first part of the data, a file associated with the first part of the data, and an operation associated with the first part of the data, wherein the first access control policy is associated with the first category; determine that a second part of the data is not to be categorized, wherein said program code configured to determine that the second part of the data is not to be categorized comprises program code configured to at least one of, determine that categorization of the second part of the data would take a length of time greater than a first threshold; determine that categorization of the second part of the data would use resources greater than a second threshold; and determine that the second part of the data is associated with a data type; in response to a determination that the second part of the data is not to be categorized, determine that a first computing system is indicated for categorization of the second part of the data; and transmit at least one of the second part of the data, an indication of the second part of the data, and metadata associated with the second part of the data to the first computing system: detect an indication of one of a second category or a second access control policy, wherein the second access control policy is associated with the second category; and apply the second access control policy to at least one of the second part of the data, a file associated with the second part of the data, and an operation associated with the second part of the data.
12. The computer program product of claim 11 , wherein the data type is one of text data, image data, audio data, and video data.
13. The computer program product of claim 11 , wherein the computer usable program code is further configured to: determine the first access control policy based, at least in part, on the first category.
14. The computer program product of claim 11 , wherein the computer usable program code is further configured to: in response to a detection of an indication of the second category, determine the second access control policy based, at least in part, on the second category.
15. The computer program product of claim 11 , wherein the the second part of the data is embedded in, the first part of the data.
16. An apparatus comprising: a processor; and a computer readable storage medium coupled to the processor, the computer readable storage medium having computer usable program code embodied therewith, the computer usable program code executable by the processor to cause the apparatus to, detect at least one of data, an indication of the data, and metadata associated with the data, wherein the data is to be categorized; determine a first category for a first part of the data based, at least in part, on at least one of the data, the indication of the data, and the metadata associated with the data; apply a first access control policy to at least one of the first part of the data, a file associated with the first part of the data, and an operation associated with the first part of the data, wherein the first access control policy is associated with the first category; determine that a second part of the data is not to be categorized by the apparatus, wherein said program code being executable by the processor to cause the apparatus to determine that the second part of the data is not to be categorized by the apparatus, comprises program code executable by the processor to cause the apparatus to at least one of, determine that categorization of the second part of the data would take a length of time greater than a first threshold; determine that categorization of the second part of the data would use resources greater than a second threshold; and determine that the second part of the data is associated with a data type; in response to a determination that the second part of the data is not to be categorized by the apparatus, determine that a computing system is indicated for further categorization of the second part of the data; and transmit at least one of the second part of the data, an indication of the second part of the data, and metadata associated with the second part of the data to the computing system; detect an indication of one of a second category or a second access control policy, wherein the second access control policy is associated with the second category; apply the second access control policy to at least one of the second part of the data, a file associated with the second part of the data, and an operation associated with the second part of the data.
17. The apparatus of claim 16 , wherein the data type is one of text data, image data, audio data, and video data.
18. The apparatus of claim 16 , wherein the computer usable program code is further executable by the processor to cause the apparatus to: in response to a detection of an indication of the second category; determine the second access control policy based, at least in part, on the second category.
19. The apparatus of claim 16 , wherein the the second part of the data is embedded in the first part of the data.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
December 22, 2011
January 6, 2015
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.